How to Spend Your Cloud Security Dollar [WEBINAR]

According PWC’s 2015 Global State of Information Security Survey, the total number of security incidents detected climbed to 42.8 million this year, an increase of 48% from 2013. That’s the equivalent of 117,339 incoming attacks per day, every day. In our latest webinar, How to Spend Your Cloud Security Dollar, HOSTING product manager Tricia Pattee provided insights regarding today’s cyber threats and experts tips on how to get the most out of your cloud security investments. Missed it? Read on for highlights of Tricia’s presentation. You can also view it in its entirety on-demand.

Three Reasons to Invest in Cloud Security

Breaches are expensive

Cloud security has become a top priority for IT and security executives as outside cyber threats have become more sophisticated, and internal security incidents continues to rise. With an increase in breaches and cyber attacks come an increase in the financial costs of investigating and mitigating these incidents. Respondents in PWC’s survey reported loses of $20 million or more due to these events – twice as much as in 2013. These costs include incident mitigation as well as lost business, operational disruptions, tarnished brands and fees associated with the breaches.

Internal security incidents are just as likely to occur as external ones

And the best part? While many companies focus primarily on protecting themselves from external threats, internal incidents are just as likely to occur. In fact, more than 9 out of 10 healthcare data breaches affecting 500 or more individuals published on the U.S. Department of Health & Human Services website were caused by organizations’ own employees, not hackers.

How much should your organization spend on cloud security?

If you ask your IT director this question, she will probably say, “A helluva lot more than we’re spending now.” And she’d be right. In 2014, the average information security budget dropped to $4.1 million, down 4% over last year. Today, organizations invest between 3 -5 % of their overall IT budget on security.

Top 6 essentials for your cloud security spend

Patching

Patchingensures that your systems are up to date. As long as you keep patches up to date, it’s extremely difficult for the majority of hackers to get in. The typical web application experiences 4,250 individual attacks each year – meaning that the hacker is randomly scanning for vulnerabilities. Whereas, targeted attacks happen an average of 12 times a year. Patching will help protect your environment from the more common, individual attacks.

Vulnerability Management

The majority of hackers are lazy and look for low hanging fruit, which is anything that is out of date or not patched. Regularly scanning for vulnerabilities will determine where you may have something that is outdated or requires a patch. Hackers will do their own vulnerability scan on your environment to see where they can steal information. This is a simple, low cost practice to help with basic security.

Malware detection/Antivirus software

This often comes standard with a device. However, it’s important that you don’t solely rely on the software itself. Organizations must implement security awareness training so that your employees are familiar with what to avoid when surfing the web or when they see an unusual email come through.

Backups

Backup are essential for remediating activities as well as in preventing ransomware from being effective. Ransomware is a virus that allows will encrypt your data. Hackers who initiated the virus will demand money from companies, with the promise that they will return their data unencrypted. If your implement regular backups, you won’t have to worry about your data being taken for ransom.

Threat Detection

Threat detection includes your firewalls and intrusion detection system (IDS). Your firewall is the first step to monitoring and controlling network traffic based on your security rules. The IDS will detect anything that may get through the firewall. It uses a signature database to identify malicious activity. It also uses heuristics, to identify traffic behavior patterns that could be malicious.

Log monitoring

While these technologies make up a basic cloud security toolkit, they are only part of an effective cloud security program. Organizations need to train all employees on the importance of security and the role they play in it. Having the right people in place to manage the security controls and policies is a first step. However, organizations also need to have a solid, testable plan in the event that an attack or incident occurs. Finally, regular reviews and audits ensure that training, processes and tools are up to date with current security best practices.